Brainstorming on CICD Pipeline Design

What are the questions that I should be asking myself when I’m thinking about how to automate security in a CICD pipeline?

What about a CICD pipeline without thinking about security?

  • What should CICD Pipelines do?
  • What shouldn’t CICD Pipelines do?

These feel too general. These might be valuable to explore, but I think that making them more specific will be better.

The questions that I ask myself are important because they will determine the architecture of the pipeline. I feel like I’m starting to understand what 2 of my coworkers, Gil and Vishal, are talking about. If I start trying to design a CICD pipeline with an existing piece of automation, it’s not a good starting point. But if I start with the right principles in mind, building good ideas becomes easier.

Thoughts on Vulnerability Scanning in the Software Development Lifecycle

Intro

I’m thinking about what the best way is to manage vulnerability scanning in the SDLC.

Sitting down and really thinking about this is a culmination of talking with coworkers about this for a while, and stuff that’s been happening at work.

Specifically, if the goal is to:

  1. Provide developers vulnerability data as fast as possible
  2. Provide developers vulnerability data in a FULLY automated manner

(Maybe as a bonus, we can also)

Flight to Hawaii

Going to see a friend from my childhood, a good friend of my late mom - Jet Dee. Can’t wait.

Will update this blog more after I land.

Update: It was pretty good. Been awake for 36 hours…and caught the Plymouth Brockton bus with about 30 seconds to spare.

I’ll probably update this later… I would just ramble about something random if I wrote more.

What I really should do is figure out how to make the functionality of “view only post tagged with X”. I might need to ask David K the best way to do this.

Certified Secure Software Lifecycle Professional (CSSLP) Notes

Preamble

https://www.isc2.org/Certifications/CSSLP

This is a collection of notes I’ve taken for the CSSLP. Hopefully they are useful to you as well!

I made a program to study for this test. Feel free to use it.

https://github.com/HenryFBP/pyconsolequiz

Secure Software Concepts

Core Concepts

  • Main concept is about restricting user access

Confidentiality

  • Keep info away from people who don’t NEED to know it

  • Secret info remains secret

  • Must understand what data needs to be kept secret